phoromatic: Run htmlspecialchars() when printing out the passed trigger

This shouldn't be much of an issue anyhow since getting to this stage firt requires having credentials / API access key, there isn't any JavaScript used besides some display elements on the Phoromatic site, and anyhow most running Phoromatic on private intranets Reported-By: wtwver on @huntr-dev
phoronix-test-suite · Sep 7, 2021 · 262d238 · 262d238
1 parent 61a284d
commit 262d238
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pts-core/phoromatic/public_html/event.php b/pts-core/phoromatic/public_html/event.php
@@ -93,7 +93,7 @@
 		$stmt->bindValue(':sub_target', $sub_target);
 		if($stmt->execute())
 		{
-			echo 'Trigger ' . $_GET['trigger'] . ' added!';
+			echo 'Trigger ' . htmlspecialchars($_GET['trigger']) . ' added!';
 		}
 		break;